V694. The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant.


The analyzer has detected a very suspicious condition: a constant value is added to or subtracted from a pointer. The result is then compared to zero. Such code is very likely to contain a typo.

Take a look at the following example with addition:

int *p = ...;
if (p + 2)

This condition is always true. The only case in which the expression evaluates to 0 is when the magic number "-2" has deliberately been stored in the pointer.

The fixed code:

int *p = ...;
if (*p + 2)

Now let's examine an example with subtraction:

char *begin = ...;
char *end = ...;
....
const size_t ibegin = 1;
....
if (end - ibegin)

It is the variable 'begin' that should have been subtracted from the variable 'end'. Because of the poor variable naming, the programmer mistakenly used the constant integer variable 'ibegin' instead, so the expression is a pointer moved one element back rather than the length of the range.

The fixed code:

char *begin = ...;
char *end = ...;
....
if (end - begin)
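The following program is an added example and is not part of the PVS-Studio documentation; the function names and the constructed buffer are ours. It places the two buggy conditions from the text next to their fixed forms and feeds them inputs for which the buggy and the fixed checks disagree: a pointer to the value -2 for the addition case, and an empty range (begin == end) for the subtraction case.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample input for the subtraction case. */
static char sample_buf[4] = "abc";

/* Buggy form from the text: `p + 2` is a pointer offset, not a value
   check. For any actual pointer p, p + 2 is non-null, so this is
   always 1 whatever *p holds. */
int buggy_add(int *p) {
    return (p + 2) != NULL;
}

/* Intended form: dereference first, then add 2 to the value. */
int fixed_add(int *p) {
    return (*p + 2) != 0;
}

/* Buggy form of the subtraction case: `end - ibegin` moves the pointer
   one element back. The result is a pointer, non-null for any actual
   `end`, so the "is the range non-empty" test is always true. */
int buggy_nonempty(const char *begin, const char *end) {
    const size_t ibegin = 1;   /* the integer that was used instead of `begin` */
    (void)begin;               /* never used: that is the bug */
    return (end - ibegin) != NULL;
}

/* Fixed form: pointer minus pointer is a ptrdiff_t; 0 means an empty range. */
int fixed_nonempty(const char *begin, const char *end) {
    return (end - begin) != 0;
}

int main(void) {
    int minus_two = -2;
    int seven = 7;

    printf("value -2: buggy_add=%d fixed_add=%d\n",
           buggy_add(&minus_two), fixed_add(&minus_two));   /* 1 0 */
    printf("value  7: buggy_add=%d fixed_add=%d\n",
           buggy_add(&seven), fixed_add(&seven));           /* 1 1 */

    /* Empty range (begin == end): the buggy check still reports non-empty.
       Ranges start at sample_buf + 1 so that `end - 1` stays inside the array. */
    printf("empty range:  buggy=%d fixed=%d\n",
           buggy_nonempty(sample_buf + 1, sample_buf + 1),
           fixed_nonempty(sample_buf + 1, sample_buf + 1));  /* 1 0 */
    printf("3-byte range: buggy=%d fixed=%d\n",
           buggy_nonempty(sample_buf + 1, sample_buf + 4),
           fixed_nonempty(sample_buf + 1, sample_buf + 4));  /* 1 1 */
    return 0;
}
```

The buggy functions return 1 on every input, which is exactly the "expression is always true" condition the diagnostic reports; only the fixed forms depend on the data.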

Note. This warning is generated only when the pointer is "actual", i.e. the analyzer knows it refers to a real object, for example a memory area allocated through the "malloc()" function. If the analyzer does not know what the pointer refers to, it does not generate the warning, in order to avoid unnecessary false positives: programmers do sometimes pass "magic numbers" in pointers, and conditions of the (ptr - 5 == 0) pattern then make sense.

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-571.

You can look at examples of errors detected by the V694 diagnostic.
